Zimbra With Active Directory Integration,Samba integration

Posted: August 23, 2010 in Uncategorized

Server details are as follows:

Fedora Core 5
IP Address 142.25.97.57
DNS zimbra.timschewe.ca

Server 2003
IP Address 142.25.97.60
Active Directory timschewe.ca
DNS tim2003.timschewe.ca

Installing Fedora Core 5

Make sure any dependencies are met by opening a terminal window and using these commands:

1. yum install samba
2. yum install samba-client
3. yum install system-config-samba
4. yum install samba-common
5. yum install pam_krb5
6. yum install krb5-devel
7. yum install krbafs-devel
8. yum install krb5-libs
9. yum install krb5-workstation
10. yum install krb5-auth-dialog
11. yum install krbafs
12. yum install ntp

As an alternative, you can run rpm -qa|grep samba, rpm -qa|grep krb and rpm -qa|grep ntp to check whether these packages are already installed.

Synchronize Your Watches!

Using Kerberos requires that the server clocks agree to within 5 minutes. The easiest way to ensure this was to right-click the clock in the upper right corner of Fedora’s desktop and choose to change the date and time. Click the time servers tab and remove any time servers found in the list. Add your Server 2003 as the time server and close the window.

Configure Kerberos

Edit the file /etc/krb5.conf to add the domain details. These details are case sensitive – follow the case carefully or Kerberos will not function. If you do not have a DNS server running, use an IP address for kdc = rather than a domain name.

You do not have to restart any processes and can test Kerberos as follows:

1. Open a terminal window and type kinit administrator@TIMSCHEWE.CA
2. Supply the necessary password
3. If you are returned to a new prompt, Kerberos functioned correctly

Configure Samba

Edit the file /etc/samba/smb.conf to add the domain details.

Edit the file /etc/nsswitch.conf so that it contains passwd: compat winbind, shadow: compat and group: compat winbind.
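The testparm step that follows checks only that smb.conf parses, not that the values actually make the server an AD member. The added script below, which is not from the original post, reads an smb.conf and an nsswitch.conf and flags the settings this post depends on: a realm whose case does not match TIMSCHEWE.CA, a missing security = ads or workgroup, any share with guest ok = yes, and passwd:/group: lines without winbind. Both sample files are constructed for the example.

```python
"""Check smb.conf and nsswitch.conf for the AD-member settings this post relies on.
Added example, not from the original post; both sample files are constructed."""
import configparser
import io

# Global settings an AD domain member needs (post: security model ADS, realm, workgroup).
REQUIRED_GLOBAL = {"security": "ads", "realm": "TIMSCHEWE.CA", "workgroup": "TIMSCHEWE"}

# Constructed sample smb.conf: realm in the wrong case, and a share open to guests.
SMB_CONF = """\
[global]
workgroup = TIMSCHEWE
realm = timschewe.ca
security = ads
winbind use default domain = yes
[student]
path = /home/samba/student
guest ok = yes
"""
# Constructed sample nsswitch.conf: the group: line is missing winbind.
NSSWITCH = "passwd: compat winbind\nshadow: compat\ngroup: compat\n"

def check_smb_conf(text):
    """Return a list of findings for an smb.conf; an empty list means all checks passed."""
    cp = configparser.RawConfigParser(strict=False)  # ini-like; Raw leaves %U etc. alone
    cp.read_file(io.StringIO(text))
    findings = []
    glob = cp["global"] if cp.has_section("global") else {}
    for key, want in REQUIRED_GLOBAL.items():
        got = glob.get(key, "").strip()
        if key == "realm" and got != want:  # Kerberos realm names are case-sensitive
            findings.append(f"realm must be exactly {want!r}, got {got!r}")
        elif key != "realm" and got.lower() != want.lower():
            findings.append(f"{key} should be {want!r}, got {got!r}")
    for share in cp.sections():  # every non-global section is a share definition
        if share != "global" and cp[share].get("guest ok", "no").strip().lower() == "yes":
            findings.append(f"[{share}] allows guest access; AD users should authenticate")
    return findings

def check_nsswitch(text):
    """passwd and group must include winbind, or AD users get no UID/GID on the server."""
    seen = {"passwd": False, "group": False}
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        if ":" in line:
            db, sources = (p.strip() for p in line.split(":", 1))
            if db in seen and "winbind" in sources.split():
                seen[db] = True
    return [f"nsswitch.conf: {db} does not include winbind" for db, ok in seen.items() if not ok]
```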

To test your configuration, do the following:

1. Go to /etc/samba
2. Type testparm smb.conf
3. The test output will verify your smb.conf file settings
4. You may ignore the warning about the + sign possibly causing problems with domain joins
5. If there are no problems, restart Samba with service smb restart
6. Type service smb status to check the service; you should see both the smbd and nmbd daemons running

Join Samba to Active Directory

To join Samba to the DC, do the following:

1. Stop Samba: service smb stop
2. Stop winbind: service winbind stop
3. Run kinit administrator@TIMSCHEWE.CA and supply the Server 2003 administrator password
4. Run net ads join -U administrator and supply the Server 2003 administrator password
5. You should see the message “Joined ‘TIMSCHEWE’ to realm ‘TIMSCHEWE.CA’”
6. I used net rpc join -U administrator -w TIMSCHEWE instead of step 4 as it failed for me
7. You can test the join by issuing the command net ads testjoin
8. Fedora’s GUI tools may solve problems at this point if you are having them: go to System -> Administration -> Authentication
9. Check enable winbind support and click Configure Winbind
10. Ensure winbind domain = TIMSCHEWE, security model = ADS, winbind ads realm = TIMSCHEWE.CA, winbind domain controllers = TIMSCHEWE.CA; click join domain and enter the Server 2003 administrator password
11. Start Samba: service smb start
12. Start winbind: service winbind start
13. To see whether the connection to AD has been made, run wbinfo -g to list AD groups and wbinfo -u to list AD users
14. wbinfo -a username%password checks whether the specified user and password can authenticate to the domain. This will fail if the password contains a !, because the interactive shell treats ! as history expansion; put the argument in single quotes

Create Your Shares

You have already specified your shares in the /etc/samba/smb.conf file. In this case I want a user, a student and an instructor share. To do so, I did the following:

1. Open a terminal window and navigate to /home
2. Create the Samba directory: mkdir samba
3. Apply permissions to it: chmod 777 /home/samba
4. cd samba and create the user, student and instructor directories as in step 2
5. Apply permissions to those directories as in step 3

Connecting to Your Shares

This was the most frustrating part of the project. Once you have connected to a share, you have to kill the session in order to start another. The course instructor suggests the easiest way to do this is simply to reboot and start again. I was able to kill the sessions in Fedora by issuing the command net status sessions, determining their process IDs (PIDs) and then issuing the kill -3 command. This seems to work eventually…

You can connect to a share in one of two ways:

1. Click Start -> Run and enter the share to connect to, for example \\142.25.97.57\student
2. Supply the necessary credentials
3. Use the share

1. Open Windows Explorer
2. Click My Network Places
3. Click Entire Network
4. Click Microsoft Windows Network
5. Double click your domain
6. Double click the share
7. Supply credentials
8. Use the share

I have found that the first of these two methods is the more reliable.

Zimbra and Active Directory

To configure Zimbra to authenticate through Active Directory, do the following:

1. Log in to the Zimbra administration console as administrator
2. Click Domains, then New, and add the domain tim2003.timschewe.ca
3. Click Next until you reach Authentication and choose External Active Directory
4. Click Next until you reach LDAP URL and enter the IP address of the Server 2003 machine
5. Supply a username and password from AD to test the settings
6. If you are successful, click Finish, if not, make the necessary corrections and retry
7. Click Accounts and click New
8. Enter an AD account name and choose the AD server from the dropdown
9. Enter the balance of the new user information as you see fit
10. Quit the administrator console and open the regular Zimbra web client
11. You should be able to log in as username@tim2003.timschewe.ca with the appropriate username and password for an AD user
